Have you ever been frustrated by multi-factor authentication messages? You just signed in, so why do you need to do it again? Or maybe you just signed in, but now you need to access another account, so you need another MFA code. Or you’re supposed to get a code sent to you via SMS, but it just hasn’t shown up yet, so you request it again and now you get two (or more) messages popping up?
MFA is a great, simple way to secure your accounts. The difference from not having it enabled is night and day. We highly recommend it for everybody and for every account.
But it’s not perfect, and it’s totally understandable when it becomes annoying. We’ve been there too, rolling our eyes and sighing (or, for some of us, cursing under our breath) when we have to do it all – AGAIN.
It’s called MFA fatigue and it’s a real thing.
That’s not the worst part though. Cyber criminals are fully aware of this fatigue as well, and they are using it against you.
How does this work? It’s called Push-Bombing: criminals essentially bombard you with MFA notices. The notifications are legitimate, generated by their attempts to log in to your accounts. They just send so many of them, sometimes even at night, to catch you off guard and exploit your tiredness.
With so many notices coming across, there’s a good chance somebody will approve one of them out of tiredness, frustration, or just to shut their phone up.
There’s a way to protect yourself from MFA Fatigue attacks.
It’s called number matching.
Number matching was introduced by Microsoft in their authenticator app as a way of making sure you authenticate the correct login attempt. This prevents criminals from sending you a prompt that you erroneously authorize.
It works by displaying a random 2-digit code when you attempt to log in. Not only do you need your MFA authenticator app, but you need to enter the number into it to validate that it is indeed you logging in. This is a perfect example of “multi” factor authentication rather than just two-factor. Your password is your first authentication, using the Microsoft Authenticator app is a secondary authentication, and the number match is a third authentication.
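The mechanism described above, as an added Python sketch that is not Microsoft's implementation or code from the original post: the number is shown only on the sign-in screen, the push carries no number, and the app's answer is checked once, within a time limit. The class name, method names, timeout and attempt limit are assumptions made for illustration.

```python
import hmac
import secrets
import time

CHALLENGE_TTL = 60   # seconds a prompt stays valid (assumed value)
MAX_ATTEMPTS = 3     # wrong entries allowed before the prompt is voided (assumed value)


class NumberMatchMFA:
    """Toy server-side model of a push prompt protected by number matching."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # challenge_id -> [number, expiry, attempts_left]

    def start_login(self):
        """Password accepted: create a challenge and return (challenge_id, number).

        The number goes to the sign-in screen only, never to the phone.
        """
        challenge_id = secrets.token_urlsafe(16)
        number = str(secrets.randbelow(90) + 10)  # random two-digit code, 10-99
        self._pending[challenge_id] = [number, self._clock() + CHALLENGE_TTL, MAX_ATTEMPTS]
        return challenge_id, number

    def push_payload(self, challenge_id):
        """What the phone receives: no number, so a blind 'Approve' tap is impossible."""
        return {"challenge_id": challenge_id,
                "prompt": "Enter the number shown on your sign-in screen"}

    def respond(self, challenge_id, entered):
        """Called by the authenticator app with the number the user typed."""
        entry = self._pending.get(challenge_id)
        if entry is None:
            return False                      # unknown, used, expired or voided prompt
        number, expiry, attempts_left = entry
        if self._clock() > expiry:
            del self._pending[challenge_id]   # stale prompts cannot be approved later
            return False
        if hmac.compare_digest(number.encode(), str(entered).encode()):
            del self._pending[challenge_id]   # single use
            return True
        entry[2] = attempts_left - 1
        if entry[2] <= 0:
            del self._pending[challenge_id]   # void after repeated wrong entries
        return False
```

A person woken by a flood of prompts has no sign-in screen in front of them showing the number, so tapping through a prompt no longer lets the attacker in.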
It’s not that inconvenient either. You can use biometrics to authenticate in the app as well, allowing for fingerprint or facial recognition to prove your identity. This simplifies and speeds up the process altogether.
These security measures will help ensure your accounts, and your data, stay secure, and stop criminals from tricking you into letting them in just because you’re tired.
Microsoft Authenticator already has this feature in use, so as long as your app is up to date, you are protected.
If you don’t have an MFA system in place, or just want to make your security better, then get in touch. We help many companies secure themselves in this ever-changing landscape of threats.